2y ago

Is it better to put OpenVPN (for PIA) on my OPNsense router, as an LXC on Proxmox, or the (soon to be deprecated) feature in my TrueNAS Scale VM?

I was going to use the built-in OpenVPN in TrueNAS until I found out it's going to be deprecated.

I only really need it for the qbitorrent/transmission and prowlarr/jackett (haven't decided yet) apps in TrueNAS, so I don't know what the next best option is.

I have found plenty of documentation on how to use the integrated OpenVPN feature of TrueNAS, but since the announcement of it's deprecation and future elimination is only ~2 months old, I haven't found any new documentation yet on alternate methods.

I see stuff about tailscale but that doesn't seem to be what I'm trying to do.

Thanks.

13 comments

Check out wireguard, its way smaller and faster than OpenVPN and still FOSS.
https://www.privateinternetaccess.com/vpn-features/wireguard
Very user friendly if you install it with a GUI, almost to plug and play level.
- I'd go this route directly on OPNsense.
- In order to use PIA in the Wireguard app, don't I have to select
  OpenVPN (deprecated)
  in the dropdown for VPN? I'm trying to avoid something that will be removed in the near future. Or am I reading that wrong?
  
  Did a little research and seems to be a PIA issue; they don't provide config files.. But there is a workaround: https://github.com/pia-foss/manual-connections
  Or a Python script to obtain a config file: https://github.com/hsand/pia-wg
  But there are other VPNs that will let you download config files for use, I have no idea why PIA makes it hard.
  You would need to create a docker image or some sort of container/VM (container preferred) to host wireguard. This is what I personally use: https://github.com/wg-easy/wg-easy
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:
Fewer Letters More Letters

LXC Linux Containers
PIA Private Internet Access brand of VPN
VPN Virtual Private Network
2 acronyms in this thread; the most compressed thread commented on today has 9 acronyms.
[Thread #178 for this sub, first seen 1st Oct 2023, 07:05] [FAQ] [Full list] [Contact] [Source code]
If you plan to use docker containers for qbittorrent. gluetun is a pretty good way to put everything behind a vpn. It supports openvpn and wireguard, with presets for many providers
- This is what I do for downloading Linux ISOs. It works a treat.
- This is what I do with qbitttorrent and PIA. But I don't have the *rr apps using the VPN, just torrenting. And now I basically never use it since I have usenet ¯(ツ)/¯
For me this depends if you switch off any device in the year, for example, in my case when I'm on holidays usually out home, I switch off the proxmox server but I don't switch off my router so, in my case I'll choose to install in the router.
Maybe you will ask why I switch off my proxmox and basically the answer is because if something fails and I'm not at home to solve it, I don't want the server running wrongly until I'm back.
- Ah that makes sense. I plan to run this thing 24/7
  
  Then I'll prefer to install in the router, usually maintenance is less and shortest in the router. If you stop the proxmox server or the truenas for maintenance, you will stop the VPN. In my case it will cause an issue to my family
Use the wireguard plugin directly on your OPNsense router.
I've heard the Tailscale plugin is good as well, maybe easier to set up. I've never used it though. Overall, Tailscale seems very approachable and is based on wireguard as well.
I use Tailscale on PFsense. Just advertise the route to the local subnet and accept routes on whatever machine you're accessing from and you've got yourself a pretty much plug and play solution.

Fewer Letters	More Letters
LXC	Linux Containers
PIA	Private Internet Access brand of VPN
VPN	Virtual Private Network

13 comments